Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libu2f-server-1.1.0/tests/basic.c
Examining data/libu2f-server-1.1.0/tests/core.c
Examining data/libu2f-server-1.1.0/tests/openssl.c
Examining data/libu2f-server-1.1.0/u2f-server/crypto.h
Examining data/libu2f-server-1.1.0/u2f-server/sha256.c
Examining data/libu2f-server-1.1.0/u2f-server/openssl.c
Examining data/libu2f-server-1.1.0/u2f-server/error.c
Examining data/libu2f-server-1.1.0/u2f-server/b64/cdecode.h
Examining data/libu2f-server-1.1.0/u2f-server/b64/cencode.h
Examining data/libu2f-server-1.1.0/u2f-server/global.c
Examining data/libu2f-server-1.1.0/u2f-server/sha256.h
Examining data/libu2f-server-1.1.0/u2f-server/internal.h
Examining data/libu2f-server-1.1.0/u2f-server/version.c
Examining data/libu2f-server-1.1.0/u2f-server/cencode.c
Examining data/libu2f-server-1.1.0/u2f-server/u2f-server.h
Examining data/libu2f-server-1.1.0/u2f-server/cdecode.c
Examining data/libu2f-server-1.1.0/u2f-server/u2f-server-version.h
Examining data/libu2f-server-1.1.0/u2f-server/core.c
Examining data/libu2f-server-1.1.0/src/cmdline.h
Examining data/libu2f-server-1.1.0/src/cmdline.c
Examining data/libu2f-server-1.1.0/src/u2f-server.c

FINAL RESULTS:

data/libu2f-server-1.1.0/src/cmdline.c:355:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(result, s);
data/libu2f-server-1.1.0/src/cmdline.c:607:11:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  c = getopt_long (argc, argv, "hVo:i:c:a:k:p:dx:", long_options, &option_index);
data/libu2f-server-1.1.0/src/cmdline.c:324:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  outfile = fopen(filename, "w");
data/libu2f-server-1.1.0/src/u2f-server.c:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[8192];
data/libu2f-server-1.1.0/src/u2f-server.c:100:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((fp = fopen(args_info.key_handle_arg, "rb")) == NULL) {
data/libu2f-server-1.1.0/src/u2f-server.c:129:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((fp = fopen(args_info.user_key_arg, "rb")) == NULL) {
data/libu2f-server-1.1.0/src/u2f-server.c:210:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *fp = fopen(args_info.x509cert_arg, "w");
data/libu2f-server-1.1.0/src/u2f-server.c:225:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((fp = fopen(args_info.key_handle_arg, "wb")) == NULL) {
data/libu2f-server-1.1.0/src/u2f-server.c:245:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((fp = fopen(args_info.user_key_arg, "wb")) == NULL) {
data/libu2f-server-1.1.0/u2f-server/core.c:93:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[U2FS_CHALLENGE_RAW_LEN];
data/libu2f-server-1.1.0/u2f-server/core.c:616:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*user_public_key, data + offset, U2FS_PUBLIC_KEY_LEN);
data/libu2f-server-1.1.0/u2f-server/core.c:626:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*keyHandle, data + offset, *keyHandle_len);
data/libu2f-server-1.1.0/u2f-server/core.c:778:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[_B64_BUFSIZE];
data/libu2f-server-1.1.0/u2f-server/core.c:844:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char challenge_parameter[U2FS_HASH_LEN],
data/libu2f-server-1.1.0/u2f-server/core.c:857:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char dgst[U2FS_HASH_LEN];
data/libu2f-server-1.1.0/u2f-server/core.c:1079:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *) counter, data + offset, U2FS_COUNTER_LEN);
data/libu2f-server-1.1.0/u2f-server/core.c:1248:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char challenge_parameter[U2FS_HASH_LEN],
data/libu2f-server-1.1.0/u2f-server/core.c:1261:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char dgst[U2FS_HASH_LEN];
data/libu2f-server-1.1.0/u2f-server/internal.h:65:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char challenge[U2FS_CHALLENGE_B64U_LEN + 1];
data/libu2f-server-1.1.0/u2f-server/openssl.c:348:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*output, PEM_data, length);
data/libu2f-server-1.1.0/u2f-server/sha256.c:163:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(md->buf + md->curlen, in, (size_t) n);
data/libu2f-server-1.1.0/u2f-server/sha256.h:38:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[64];
data/libu2f-server-1.1.0/src/cmdline.c:132:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(CMDLINE_PARSER_PACKAGE_NAME) ? CMDLINE_PARSER_PACKAGE_NAME : CMDLINE_PARSER_PACKAGE),
data/libu2f-server-1.1.0/src/cmdline.c:135:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gengetopt_args_info_versiontext) > 0)
data/libu2f-server-1.1.0/src/cmdline.c:142:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gengetopt_args_info_purpose) > 0)
data/libu2f-server-1.1.0/src/cmdline.c:145:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gengetopt_args_info_usage) > 0)
data/libu2f-server-1.1.0/src/cmdline.c:150:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gengetopt_args_info_description) > 0)
data/libu2f-server-1.1.0/src/cmdline.c:245:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, len = strlen(val); values[i]; ++i)
data/libu2f-server-1.1.0/src/cmdline.c:251:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(values[i]) == len)
data/libu2f-server-1.1.0/src/cmdline.c:352:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = (char*)malloc(strlen(s) + 1);
data/libu2f-server-1.1.0/src/u2f-server.c:77:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen(args_info.challenge_arg) != U2FS_CHALLENGE_B64U_LEN) {
data/libu2f-server-1.1.0/src/u2f-server.c:215:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t fwlen = fwrite(pem, 1, strlen(pem), fp);
data/libu2f-server-1.1.0/src/u2f-server.c:216:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (fwlen != strlen(pem)) {
data/libu2f-server-1.1.0/src/u2f-server.c:231:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(u2fs_get_registration_keyHandle(reg_result)),
data/libu2f-server-1.1.0/src/u2f-server.c:232:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp) != strlen(u2fs_get_registration_keyHandle(reg_result))) {
data/libu2f-server-1.1.0/tests/core.c:68:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ck_assert_int_eq(strlen(ctx->challenge), U2FS_CHALLENGE_B64U_LEN);
data/libu2f-server-1.1.0/tests/core.c:72:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ck_assert_int_eq(strlen(ctx->challenge), U2FS_CHALLENGE_B64U_LEN);
data/libu2f-server-1.1.0/u2f-server/core.c:200:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(challenge) != U2FS_CHALLENGE_B64U_LEN)
data/libu2f-server-1.1.0/u2f-server/core.c:203:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(ctx->challenge, challenge, U2FS_CHALLENGE_B64U_LEN);
data/libu2f-server-1.1.0/u2f-server/core.c:228:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ctx->keyHandle = strndup(keyHandle, strlen(keyHandle));
data/libu2f-server-1.1.0/u2f-server/core.c:691:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t registrationData_len = strlen(registrationData);
data/libu2f-server-1.1.0/u2f-server/core.c:725:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t clientData_len = strlen(clientData);
data/libu2f-server-1.1.0/u2f-server/core.c:743:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *output = strndup(data, strlen(data));
data/libu2f-server-1.1.0/u2f-server/core.c:849:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(ctx->appid));
data/libu2f-server-1.1.0/u2f-server/core.c:854:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(clientData_decoded));
data/libu2f-server-1.1.0/u2f-server/core.c:887:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*output)->keyHandle = strndup(buf, strlen(buf));
data/libu2f-server-1.1.0/u2f-server/core.c:1099:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t signatureData_len = strlen(signatureData);
data/libu2f-server-1.1.0/u2f-server/core.c:1253:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(ctx->appid));
data/libu2f-server-1.1.0/u2f-server/core.c:1258:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(clientData_decoded));

ANALYSIS SUMMARY:

Hits = 49
Lines analyzed = 4926 in approximately 0.15 seconds (31901 lines/second)
Physical Source Lines of Code (SLOC) = 3107
Hits@level = [0]  74 [1]  27 [2]  20 [3]   1 [4]   1 [5]   0
Hits@level+ = [0+] 123 [1+]  49 [2+]  22 [3+]   2 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 39.588 [1+] 15.7708 [2+] 7.08079 [3+] 0.643708 [4+] 0.321854 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
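Triage note on the two highest-signal string hits above, as an added example (this is editor-written demonstration code, not libu2f-server's). The [4] strcpy at cmdline.c:355 sits three lines after cmdline.c:352, which allocates strlen(s) + 1 for the destination, so that copy is bounded by construction and only becomes a bug if the two lines are ever separated. The strncpy at core.c:203 copies exactly U2FS_CHALLENGE_B64U_LEN bytes after core.c:200 has checked the source is exactly that long; strncpy writes no terminator when the count is filled, so the destination (declared as U2FS_CHALLENGE_B64U_LEN + 1 at internal.h:65) is a C string only if its last byte is already zero. The code below shows both patterns and the check that settles each hit; the length constant, struct layout and function names are assumptions for the demo and do not come from the project.

```c
/*
 * Added example, not libu2f-server code. Shows (a) a strdup-style copy
 * whose destination is sized from the source, which is what makes the
 * strcpy at cmdline.c:352/355 a false positive, and (b) the strncpy
 * pattern at core.c:200-203 with the explicit terminator that strncpy
 * itself does not guarantee. CHALLENGE_B64U_LEN and struct ctx are
 * stand-ins, not the project's definitions.
 */
#include <stdlib.h>
#include <string.h>

#define CHALLENGE_B64U_LEN 43   /* assumed: base64url of a 32-byte challenge */

struct ctx {
    char challenge[CHALLENGE_B64U_LEN + 1];
};

/* (a) Allocate from the measured length, then copy that many bytes plus
 * the NUL. memcpy with the same length keeps the allocation and the copy
 * from drifting apart, which is the only way the strcpy version breaks. */
char *bounded_dup(const char *s)
{
    size_t len = strlen(s);
    char *result = malloc(len + 1);
    if (result == NULL)
        return NULL;
    memcpy(result, s, len + 1);   /* len + 1 includes the terminator */
    return result;
}

/* (b) Length check, then strncpy, then an explicit terminator.
 * Returns 0 on success, -1 if the challenge has the wrong length. */
int set_challenge(struct ctx *ctx, const char *challenge)
{
    if (challenge == NULL || strlen(challenge) != CHALLENGE_B64U_LEN)
        return -1;
    strncpy(ctx->challenge, challenge, CHALLENGE_B64U_LEN);
    ctx->challenge[CHALLENGE_B64U_LEN] = '\0';   /* strncpy did not write this */
    return 0;
}

/* The hazard itself: strncpy into a buffer with stale contents, with a count
 * equal to the source length. Returns 1 if a NUL ended up anywhere in the
 * destination, 0 if the copy left it unterminated. */
int strncpy_terminated(const char *src)
{
    char buf[CHALLENGE_B64U_LEN + 1];
    memset(buf, 'X', sizeof buf);              /* simulate uninitialised stack */
    strncpy(buf, src, CHALLENGE_B64U_LEN);
    return memchr(buf, '\0', sizeof buf) != NULL;
}
```

The practical rule this encodes: a strcpy hit is closed by finding the allocation that sizes the destination from the same source, and a strncpy hit is closed by finding the statement that writes the terminator (or the memset/calloc that pre-zeroes the destination). Neither is visible to Flawfinder, which only pattern-matches the call.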
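The seven fopen hits above (CWE-362) all take their path from the command line (args_info.key_handle_arg, args_info.user_key_arg, args_info.x509cert_arg, and filename at cmdline.c:324), and three of them open for writing. fopen(path, "w") follows symlinks and truncates whatever it lands on, so a link planted at that path redirects the write; the "rb" opens will happily read a FIFO or device. The example below, written for this page and not taken from libu2f-server, shows the open that a reviewer would ask for in place of those calls: O_CREAT|O_EXCL|O_NOFOLLOW to refuse links and existing files, and fstat on the descriptor (not stat on the path, which reopens the race) to insist on a regular file. It assumes Linux/POSIX open(2) flags and uses mkdtemp only to give the demo a scratch directory.

```c
/*
 * Added example, not libu2f-server code. Hardened replacements for
 * fopen(path, "w") / fopen(path, "rb") when path is attacker-influenced,
 * plus a self-contained demo that a symlink redirects fopen("w") but is
 * refused by the hardened open. POSIX flags assumed (Linux tested in mind).
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create path as a new regular file for writing. NULL (errno set) if the
 * path already exists, is a symlink, or is not a regular file afterwards. */
FILE *open_new_regular(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return NULL;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {   /* check the fd, not the path */
        close(fd);
        errno = EINVAL;
        return NULL;
    }
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL)
        close(fd);
    return fp;
}

/* Open an existing path read-only, refusing symlinks and anything that is
 * not a regular file (key material should never come from a FIFO or device). */
FILE *open_existing_regular(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return NULL;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return NULL;
    }
    FILE *fp = fdopen(fd, "rb");
    if (fp == NULL)
        close(fd);
    return fp;
}

/* Demo: plant a symlink "link" -> "target", then show that open_new_regular
 * refuses it while plain fopen(link, "w") follows it and truncates target.
 * Returns 1 when both behaviours are observed, 0 otherwise, -1 on setup error. */
int demo_symlink_redirect(void)
{
    char dir[] = "/tmp/ffdemoXXXXXX";   /* scratch directory, constructed for the demo */
    char target[64], link[64];
    int result = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link, sizeof link, "%s/link", dir);

    FILE *t = open_new_regular(target);
    if (t == NULL)
        goto out;
    fputs("keep me\n", t);               /* victim content */
    fclose(t);
    if (symlink(target, link) != 0)
        goto out;

    FILE *h = open_new_regular(link);    /* hardened open must refuse the link */
    int refused = (h == NULL);
    if (h != NULL)
        fclose(h);

    FILE *f = fopen(link, "w");          /* the pattern Flawfinder flagged */
    if (f != NULL)
        fclose(f);
    struct stat st;
    int truncated = (stat(target, &st) == 0 && st.st_size == 0);

    result = (refused && truncated) ? 1 : 0;
out:
    unlink(link);
    unlink(target);
    rmdir(dir);
    return result;
}
```

O_EXCL changes semantics: the caller can no longer overwrite an existing output file, so a tool that legitimately regenerates a key-handle or certificate file has to unlink first or write to a fresh name and rename over. That is the trade-off the reviewer should make explicit rather than silently dropping O_EXCL.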